Cybersecurity the billion pound problem - UCL… · Bangladesh Bank heist Feb 2016 $81 million...

© 2015 IBM Corporation Juliet Grout Cybersecurity the billion pound problem


Page 2

Agenda

- What is the Cybersecurity problem?
- Data Breaches / Attacks
- Security Model
- Data Growth
- Attack Sources
- Passwords
- Attack types – Ransomware, Man in the Middle, Spear Phishing
- No Magic Bullet
- What's next?

Page 3

What is the Cybersecurity problem?

Criminal activity conducted via the Internet, from stealing IP, data and confidential information, to creating and distributing viruses, to disrupting a country's critical national infrastructure.

- Direct costs
- Indirect costs
- Opportunity costs

For UK companies with more than 1000 employees, the average cost of cyber crime per organisation was $7.21 million for 2016.

Source: Ponemon Institute, 2016 Cost of Cyber Crime Study & the Risk of Business Innovation

Page 4

Cyber crime is seen as an attractive option for criminals, with high ROI: estimates are above 1000% for a malware campaign. Interpol estimates cybercriminal activity has cost 750 billion euros per year in Europe.

Source: https://www.ncsc.gov.uk/content/files/protected_files/news_files/The%20Cyber%20Threat%20to%20UK%20Business%20%28b%29.pdf

Page 5

Data Breaches / Attacks

In the past 18 months more data breaches have had more real world impact

- Malware caused power outage in Ukraine, Dec 2015
- Bangladesh Bank heist, Feb 2016: $81 million was stolen through fraudulent transactions sent via SWIFT
- April 2016: 11.5 million leaked documents from Panamanian law firm, known as the Panama Papers
- Mirai worm, Nov 2016: 900,000 customers of German ISP Deutsche Telekom (DT) knocked offline.

Source: https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/a-rundown-of-the-biggest-cybersecurity-incidents-of-2016#UkrainianPowerGrid

Page 6

Security Model

- Confidentiality – information is not made available or disclosed to unauthorized individuals, entities or processes
- Integrity – maintaining and assuring the accuracy and completeness of data over its entire life-cycle
- Availability – data is available

How to improve Security

- People
- Process
- Technology

Page 7

Data Growth

Predicting data growth in a world where data resides in more places than ever is challenging. One way to illustrate the growth in data is to look at the growth in digital photographs taken in the world.

Business perspective: data used to reside in a server room; now, with the growth of apps and new business models, data is much more distributed.

Source: http://mylio.com/true-stories/tech-today/how-many-digital-photos-will-be-taken-2017-repost

Page 8

Attack Sources

https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=WGL03140USEN&

Page 9

Passwords

https://blog.keepersecurity.com/2017/01/13/most-common-passwords-of-2016-research-study/

Keeper research team analyzed over 10 million passwords available on the public web

- Nearly 17% of users have the top password – 123456
- The top 25 passwords constitute over 50% of the 10 Million passwords analyzed

Password tips

- Avoid dictionary terms – use passphrase instead
- Use a variety of characters
- Use a password manager
- Use different passwords for each site/application

Page 10

Ransomware

Ransomware is a type of malicious software designed to block access to a computer system (e.g. by encrypting it) until a sum of money is paid.

Source: IBM X-Force Research, Ransomware: How consumers and businesses value their data

Page 11

Man in the middle attack

This is an attack which intercepts communication between two systems.

70+ iOS apps in the Apple store are vulnerable to man in the middle attacks; estimates are that these apps have been downloaded more than 18 million times.

Technical best practices, such as companies using VPN and endpoint authentication, can ensure risk is limited.

What can you do?

- Limit use of public networks and be aware of what data you are transferring using them
- Be suspicious

http://www.theinquirer.net/inquirer/news/3004099/70-something-ios-apps-are-vulnerable-to-man-in-the-middle-attacks

Page 12

Spear Phishing

This is the fraudulent practice of sending emails and other communication that appear to be from a known or trusted sender in order to induce targeted individuals to reveal confidential information.

Often very targeted: in corporations, it will target financial personnel.

Source: http://www.bbc.co.uk/news/business-35250678

Page 13

No Magic Bullet

People, Process and Technology: all three need to be consistently improving to stay ahead of the Cybersecurity problem.

Page 14

What's next?

- Data growth will increase with adoption of IoT, which is cheap to adopt for companies who are non technology at their core. Gartner predict that by 2020 there will be 21 billion connected devices.

- GDPR – General Data Protection Regulation, new EU regulation, the biggest shake-up in 20 years of data privacy, comes into force May 2018

- NCSC – National Cyber Security Centre – part of GCHQ, launched by government in 2016

- Biometrics - Mastercard storing biometric data on card's chip, launched April 2017 after successful pilot